TrustArc Whitepaper

Deciphering Legitimate Interests Under the GDPR

Fill out this form to download the TrustArc Whitepaper
A report based on more than 40 cases from practice

Nymity and the FPF (Future of Privacy Forum) collaborated to compile this essential report to help organizations better understand how to use and apply legitimate interests: Processing Personal Data on the Basis of Legitimate Interests Under the GDPR. Its purpose is to help organizations better understand how to use legitimate interests as a lawful basis for processing, while also contributing to enhanced personal data protection for individuals.

The report identifies specific cases that have been decided at the national level by DPAs and Courts from the European Economic Area (EEA), as well as the most relevant cases where the Court of Justice of the European Union interpreted and applied the “legitimate interests” ground. The case represent multiple industries and are compiled into two lists: one for uses of this ground that were found lawful and one for uses that were found unlawful.

All of the cases discussed are found in the Nymity Research™ legal compliance software solution which contains over 25,000 References, including English translations of foreign documents.

There are over 40 cases discussed representing a wide variety of data processing activities from over 15 countries, such as:

    • Using key-logger software for employee monitoring
    • Use of GPS tracking data for private investigations
    • Disclosing health data for litigation purposes
    • Disclosing personal data for debt collection purposes
    • Sending emails without consent for electoral purposes
    • Publishing the sale price of homes that are no longer on the market
    • Recording employee misconduct

The summary of cases contains useful examples of how the “balancing exercise” is conducted in practice, as well as safeguards that were needed to tilt the balance and make the processing lawful.


TrustArc is the leader in privacy compliance and data protection solutions and offers an unmatched combination of innovative technology, services and TRUSTe certification solutions. TrustArc addresses all phases of privacy program management and has been delivering innovative privacy solutions for two-decades to companies across all industries. The TrustArc platform leverages deep privacy expertise and proven methodologies, which have been continuously enhanced through thousands of customer engagements. Headquartered in San Francisco, and backed by a global team across the Americas, Europe, and Asia, TrustArc helps customers worldwide demonstrate compliance, minimize risk and build trust. For additional information visit 

© 2019 TrustArc Inc    |    Privacy Policy